Lucene search

[email protected]CVE-2006-6364

HistoryDec 07, 2006 - 11:28 a.m.

CVE-2006-6364

2006-12-0711:28:00

[email protected]

web.nvd.nist.gov

cve

cross-site scripting

xss

ismail

security vulnerability

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6 Medium

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.2%

JSON

Cross-site scripting (XSS) vulnerability in error.php in Inside Systems Mail (ISMail) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.

Affected configurations

NVD

Node

inside_systemsinside_systemsMatchmail_2.0

CPENameOperatorVersion
inside_systems:inside_systemsinside systemseqmail_2.0

CPE	Name	Operator	Version
inside_systems:inside_systems	inside systems	eq	mail_2.0

References

secunia.com/advisories/23229

securityreason.com/securityalert/1990

www.insidesystems.net/projects/project.php?projectid=4

www.securityfocus.com/archive/1/453420/100/0/threaded

www.securityfocus.com/bid/21424

www.vupen.com/english/advisories/2006/4848

exchange.xforce.ibmcloud.com/vulnerabilities/30704

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6 Medium

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.2%

JSON

Related for CVE-2006-6364

nvd1 cvelist1